KUBE_CONTROLLER_MANAGER_OPTS="--v={{ DEFAULT_LOG_LEVEL }} \
--allocate-node-cidrs=true \
--authentication-kubeconfig=/etc/kubernetes/controller-manager.kubeconfig  \
--authorization-kubeconfig=/etc/kubernetes/controller-manager.kubeconfig  \
--bind-address=0.0.0.0 \
--secure-port=10257 \
--tls-cert-file=/etc/kubernetes/pki/tls.pem \
--tls-private-key-file=/etc/kubernetes/pki/tls-key.pem \
--client-ca-file=/etc/kubernetes/pki/ca.pem \
--cluster-cidr={{ CLUSTER_CIDR }} \
--cluster-name={{ CLUSTER_NAME }} \
--cluster-signing-cert-file=/etc/kubernetes/pki/ca.pem \
--cluster-signing-key-file=/etc/kubernetes/pki/ca-key.pem  \
--controllers=*,bootstrapsigner,tokencleaner  \
--kubeconfig=/etc/kubernetes/controller-manager.kubeconfig \
--leader-elect=true \
--requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.pem  \
--root-ca-file=/etc/kubernetes/pki/ca.pem \
--service-account-private-key-file=/etc/kubernetes/pki/sa.key \
--service-cluster-ip-range={{ SERVICE_CLUSTER_IP_RANGE }} \
--use-service-account-credentials=true \
--terminated-pod-gc-threshold=100 \
--cluster-signing-duration=87600h0m0s"